EP2535833A1 - Method for securing an electrical device - Google Patents

Method for securing an electrical device

Info

Publication number
EP2535833A1
Authority
EP
European Patent Office
Prior art keywords
crs
secure element
secure
elements
client1
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP11305746A
Other languages
English (en)
French (fr)
Inventor
Jean-Luc Meridiano
Christophe Arnoux
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales DIS France SA
Original Assignee
Gemalto SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemalto SA
Priority to EP11305746A
Publication of EP2535833A1
Withdrawn (current legal status)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88 Detecting or preventing theft or loss
    • G PHYSICS
    • G08 SIGNALLING
    • G08B SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B13/00 Burglar, theft or intruder alarms
    • G08B13/02 Mechanical actuation
    • G08B13/14 Mechanical actuation by lifting or attempted removal of hand-portable articles
    • G08B13/1427 Mechanical actuation by lifting or attempted removal of hand-portable articles with transmitter-receiver for distance detection

Definitions

  • The invention relates in particular to a pairing between several electronic devices that renders these devices inoperative in case of theft.
  • Domestic electronic devices such as televisions, computers, or media players are a frequent target of theft because they are easy to transport and resell.
  • A stolen electronic device cannot be traced, deactivated, or blocked in the way that, for example, a mobile phone can.
  • The present invention proposes a solution to this problem by rendering an electronic device inoperative in the event of theft.
  • The invention relates, first, to a method of securing a first electrical device, called client1, with a second electrical device, called CRS, each of these devices comprising at least one secure electronic element.
  • These secure electronic elements each have at least one means of communication, a memory containing an identifier, and a processor.
  • This secure channel can be established according to a symmetric cryptographic scheme and a so-called pairing code, known to each of the secure elements.
  • This pairing code can be generated by one of the secure elements, or be provided by the user to at least one of the elements (3, 4).
  • The communication key can be generated by the secure element of the CRS, or it can be generated randomly.
  • The invention also relates to an electrical device containing a secure element comprising at least one communication means, a memory and a processor; this secure element is able to prevent the electrical device from being put into service without a successful authentication with a second secure element contained in a second electrical device.
  • Figure 1 illustrates an implementation of the invention with a first electronic device 1, called "CRS" (Secure Network Controller), illustrated by an electric meter, and a second electronic device 2, illustrated by a television.
  • CRS: Secure Network Controller
  • Each of these devices comprises a secure element according to the invention (3 and 4), for example an electronic chip.
  • This secure element is an electronic component integrated in the device, and thus not extractable. For this reason, the chip of a device and the device itself may be treated interchangeably in the present description, without prejudice to the understanding of the invention.
  • The chips include at least one non-volatile memory, a volatile memory, calculation means and communication means.
  • The non-volatile memory of the chips contains at least one "unique" identifier.
  • This identifier can advantageously be a serial number of the secure element, but it can also be any information that differentiates the secure elements, for example a user-defined identifier if it is possible to register one (electrical devices provided with an input means, for example a keyboard or a remote control).
  • The chip 3 of an electronic device such as the television 2 of figure 1 allows or prevents the start-up of the electronic device itself.
  • The term "commissioning" is used in this specification to refer to placing a device in a state where it can provide the service for which it was designed. For a television, for example, this designates the state in which it can display the images and sound requested by the user. In most cases, commissioning is when the power is turned on. However, devices may have standby states (for example, during which they display the time) in which they are powered, and which the present description distinguishes from the actual functional state.
  • The chip is connected to the power supply of the device.
  • The chip locks a master, essential component of the device, for example the "switching power supply" block for a television, the tuner for a satellite decoder, etc.
  • An electronic device 2 (here the television) is in an unpaired mode. In this mode, it is inoperative. Switching it on only gives access to an initialization procedure.
  • Each of the chips 3 and 4 contained in the devices 1 and 2 holds, in its non-volatile memory, at least one piece of information on the type of the device with which it is associated.
  • This type can, for example, be "CRS", "audio device", "video device", "television", etc.
  • The chip 3 of the television 2 searches for accessible communicating electronic devices.
  • This communication is done through any means of communication known to those skilled in the art, such as a network cable, a PLC (power-line carrier) connection, a radio frequency communication, etc.
  • This search can be done, for example, according to the model defined in the Bluetooth standard, or by any other means known to those skilled in the art.
  • The chip 3 of the television 2 collects the type or types of each of the devices thus identified.
  • The chip 3 of the television identifies the device 1 of CRS type, that is, the electricity meter, and initiates a pairing procedure with the chip 4 it contains.
  • The pairing procedure is preferably initiated by the unpaired device, here the television 2.
  • The chip 3 of the television 2 sends the chip 4 of the meter 1 a pairing request 7.
  • The pairing is done by checking that each of the devices to be paired knows a code, called the pairing code.
  • This code can be generated by one of the two devices, and inserted into the other.
  • This procedure requires a display means in at least the device generating the code, to convey it to the user, and an input means in at least the device receiving it. In a preferred mode, it is the CRS that generates this code, which is then entered into the new device to be paired.
  • The electric meter 1 generates (with its chip 4) a code, which is displayed on its screen. The user enters this code into the chip 3 of the television 2 using the buttons on the remote control.
  • This code can also be chosen arbitrarily by the user, in which case it must be provided to both the CRS 1 and the device to be paired 2.
  • Verification of the mutual knowledge of this pairing code can be done by any known means, in particular that defined in the Bluetooth protocol, or by any of the known cryptographic methods of mutual authentication based on a common secret.
  • This code makes it possible to establish a secure communication channel between the two secure elements according to any symmetric algorithm.
  • The pairing procedure according to the invention provides for an exchange of the identifiers of the two secure elements.
  • The secure element of the device being paired sends its identifier to the secure element of the CRS, and the secure element of the CRS sends its identifier to the secure element contained in the device being paired.
  • This exchange of identifiers can, for example, be done through the secure communication channel.
  • The pairing procedure ends with the creation of a key 5, called the communication key.
  • This key can be generated by any means known to those skilled in the art, for example randomly or according to the Diffie-Hellman algorithm.
  • This key can be generated by the secure element of the CRS (for example randomly, or from a random number), and then transmitted to the secure element of the device being paired through the secure communication channel.
  • This key can be defined by the user, in which case the user can either enter it into the secure element of the CRS, which will transfer it to the secure element of the device being paired through the secure communication channel, or enter it into each of the secure elements through the input interfaces of the corresponding devices.
  • This key is unique to the two paired devices. Thus each pairing between two devices will generate a communication key.
  • An electrical device (excluding the CRS) according to the invention can be paired with only one other device: a CRS.
  • The CRS is paired with all the electrical devices according to the invention.
  • This key 5 is stored in the non-volatile memory of the secure elements 3 and 4, of both the CRS 1 and the device being paired 2.
  • This key is recorded in the chip 3 of the television 2, and in the chip 4 of the electric meter 1.
  • The chip 3 of the television 2 thus contains, in addition to the information already present, the identifier of the electric meter 1 and the associated communication key 5.
  • The chip 4 of the electric meter 1 contains, in addition to the information already present, the identifier of the television 2 and the associated communication key 5.
  • The secure element (4, 17) of the CRS (1, 16) contains all the identifiers of the devices that are paired (2, 10 and 13) and the corresponding communication keys (5, 12 and 15).
  • The system described in figure 2 presents a CRS device 16 according to the invention, illustrated by an electric meter, and two paired devices 10 and 13, illustrated by a television and a computer, each containing an electronic chip (11 and 14) according to the invention.
  • The chip 17 of the electric meter contains the identifiers of the chips 11 and 14 of the television and the computer, as well as the respective communication keys 12 and 15.
  • The chip 14 that it contains enters an authentication phase.
  • The chip 14 of the computer starts a "mutual recognition / verification" procedure: it consists in checking the presence of the chip 17 of the electric meter, as well as its knowledge of the communication key 15 contained in the chip of the computer. This knowledge can be verified, for example, by sending a message to the chip 17 of the electricity meter 16, encrypted with the recorded communication key 15, and waiting for a response that depends on the message sent, also encrypted with the same key. If this verification is successful, the computer can be put into service.
  • The chip 14 of the computer can advantageously enter a so-called alert mode.
  • The user is informed of the situation, for example through a message displayed on the computer screen.
  • This situation can occur, for example, in the event of failure or switching off of the electricity meter, or in case of theft of the computer.
  • One embodiment of the invention provides a system where certain devices that have the capacity to do so can, in turn, take the role of "CRS" through a sufficiently secure key exchange.
  • The CRS change mechanism (also called reallocation mechanism) can be randomized or based on a time counter.
  • The chip 17 of the electric meter identifies the paired devices that are active at this given instant and able to take on the function of CRS, then authenticates each in turn.
  • The ability of the devices to take on the function of CRS can advantageously be based on the "type" contained in the respective secure elements, or on the technical capabilities of the chips contained in the devices or of the devices themselves, for example the ability to generate a communication key or to communicate this key to the user.
  • Between the computer 13 and the television 10, a choice can designate one of them as the new CRS. This choice can be made randomly or, for example, with the participation of the user. In the example of figure 2, this is the television 10.
  • The chip 17 of the electricity meter exchanges the communication keys 15 and 12 that it contains with the chip 11 of the television, which then informs the chip contained in the computer of its identifier.
  • The chip 14 contained in the computer writes this new identifier into its memory in place of the identifier of the previous CRS, associating it with the communication key 15 already registered. This mechanism avoids generating new keys between the devices and the new CRS. However, a reset of all pairings remains a solution according to the invention.
  • The chips 17 and 14 of the electric meter 16 and the computer 13 contain the identity of the chip 11 of the television 10 and their respective communication keys 12 and 15.
  • A particularly advantageous mode of the invention provides an unlocking system for each device paired with the "CRS".
  • This system may consist of a common key, called the "master key", recorded in each device during the pairing phase, which, once entered into a device, puts it in the unpaired state.
  • This key, once defined, is recorded in the CRS, which transmits it to each of the paired devices, encrypted with the corresponding communication key.
  • This key can be chosen by the user or generated by the CRS, and is preferably common to all devices paired with the same CRS for reasons of simplicity.
  • This key can be contained in an independent electronic device (for example a USB key) which will be inserted into each of the devices to be unlocked.
  • This procedure also makes it possible to release a device from the influence of the CRS, for example to sell it.
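
The start-up check described above (a paired device is put into service only if its CRS answers and proves knowledge of the communication key, otherwise it enters alert mode), as an added Python example that is not part of the patent text. HMAC-SHA256 over a fresh nonce stands in here for the "message encrypted with the communication key"; the class, function and state names and the identifiers are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class SecureElement:
    """One chip: identifier plus communication keys (all names are assumed)."""

    def __init__(self, identifier):
        self.identifier = identifier
        self.peers = {}          # peer identifier -> communication key
        self.state = "unpaired"  # unpaired | locked | in_service | alert

    def respond(self, peer_id, role, nonce):
        """Message-dependent response: MAC over role, both identifiers, nonce."""
        key = self.peers.get(peer_id)
        if key is None:
            return None
        ids = "|".join(sorted((self.identifier, peer_id))).encode()
        msg = role + b"|" + ids + b"|" + nonce
        return hmac.new(key, msg, hashlib.sha256).digest()


def pair(device, crs):
    """End state of pairing: identifiers exchanged, one random key on both sides."""
    key = secrets.token_bytes(32)
    device.peers = {crs.identifier: key}  # a device is paired with one CRS only
    crs.peers[device.identifier] = key    # the CRS keeps one key per paired device
    device.state = "locked"


def power_on(device, crs):
    """Start-up check by the device's chip; crs is None when no CRS answers."""
    if not device.peers:
        return device.state  # still "unpaired": only initialization is possible
    crs_id = next(iter(device.peers))
    device.state = "alert"  # stays in alert unless both directions verify
    if crs is None or crs.identifier != crs_id:
        return device.state
    n_dev, n_crs = secrets.token_bytes(16), secrets.token_bytes(16)
    # The CRS proves knowledge of the key over the device's nonce ...
    got = crs.respond(device.identifier, b"crs", n_dev)
    want = device.respond(crs_id, b"crs", n_dev)
    if got is None or not hmac.compare_digest(got, want):
        return device.state
    # ... and the device proves it over the CRS's nonce (mutual verification).
    got = device.respond(crs_id, b"dev", n_crs)
    want = crs.respond(device.identifier, b"dev", n_crs)
    device.state = "in_service" if hmac.compare_digest(got, want) else "alert"
    return device.state


def demo():
    # Constructed identifiers for an electric meter (CRS) and a television.
    meter, tv = SecureElement("SE-METER-0001"), SecureElement("SE-TV-0002")
    states = [power_on(tv, meter)]         # not yet paired
    pair(tv, meter)
    states.append(power_on(tv, meter))     # paired CRS reachable
    states.append(power_on(tv, None))      # CRS switched off, or TV stolen
    fake = SecureElement("SE-METER-0001")  # copies the identifier, not the key
    fake.peers[tv.identifier] = secrets.token_bytes(32)
    states.append(power_on(tv, fake))
    return states
```

Because each response covers a fresh nonce, a recorded exchange cannot be replayed to a device that has been moved away from its CRS.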

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Selective Calling Equipment (AREA)
EP11305746A 2011-06-15 2011-06-15 Method for securing an electrical device Withdrawn EP2535833A1 (de)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP11305746A EP2535833A1 (de) 2011-06-15 2011-06-15 Method for securing an electrical device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP11305746A EP2535833A1 (de) 2011-06-15 2011-06-15 Method for securing an electrical device

Publications (1)

Publication Number Publication Date
EP2535833A1 (de) 2012-12-19

Family

ID=44484765

Family Applications (1)

Application Number Title Priority Date Filing Date
EP11305746A Withdrawn EP2535833A1 (de) 2011-06-15 2011-06-15 Method for securing an electrical device

Country Status (1)

Country Link
EP (1) EP2535833A1 (de)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11329827B2 (en) 2014-09-02 2022-05-10 Apple Inc. Method of using one device to unlock another device
CN115202952A (zh) * 2022-09-15 2022-10-18 北京智芯微电子科技有限公司 Test method, system, test host and storage medium for the fee-control function of an electric energy meter

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2843819A1 (fr) * 2002-08-21 2004-02-27 Thomson Licensing Sa Electrical apparatus secured against theft, anti-theft system comprising such an apparatus, and method for pairing electrical apparatuses

Similar Documents

Publication Publication Date Title
WO2003107585A1 (fr) Method for secure exchange of information between two devices
EP2884716A1 (de) Token-based authentication method
EP3238474B1 (de) Method for securing contactless transactions
FR2926938A1 (fr) Method for authenticating and signing a user with an application service, using a mobile telephone as a second factor in addition to and independently of a first factor
WO2009019298A1 (fr) Information system and method for identification of a user by an application server
EP1393527A1 (de) Method for authentication between a portable radio device and a network service provider
EP1525748A1 (de) Method and electronic module for secure data transmission
WO2006125885A1 (fr) Method for controlling the connection of a peripheral to an access point, and corresponding access point and peripheral
WO2013050296A1 (fr) Method for secure downloading of access keys by means of a mobile device
EP1867189A1 (de) Secured transmission between a data processing device and a security module
EP3552327A1 (de) Method for personalizing a secure transaction during a radio communication
EP1949590A1 (de) Method for securely depositing digital data, associated method for recovering digital data, associated devices for implementing the methods, and system comprising the devices
EP2535833A1 (de) Method for securing an electrical device
EP3672374A1 (de) Devices and methods for matching a wireless control device with an electronic device
FR3051273A1 (fr) Technique for authenticating a user device
EP4260210A1 (de) Management method for authenticating a user of a device on an equipment item by password
FR3067192B1 (fr) Electronic apparatus comprising two memories and associated pairing method
EP3552136B1 (de) Method for managing an access authorization to a service for a communication device
FR3043291A1 (fr) Communication between two security elements inserted in two communicating objects
WO2020128203A1 (fr) Method and system for securing operations, and associated user station
EP1723788B1 (de) Process for managing the handling of conditional access data by at least two decoders
FR3100407A1 (fr) Method for activating access rights to a service to which a subscriber has subscribed
EP1883034A2 (de) Method for protecting an electronic device by using a smart card
WO2017089710A1 (fr) Method for distributing rights to a service, and service platform
FR3108224A1 (fr) Method for managing a pairing request phase between data processing devices.

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20130620